API Authentication

Conto supports multiple authentication methods for different use cases.

Authentication Methods

Method	Use Case	Key Format
Session	Dashboard (browser)	HTTP-only cookie
SDK Key	Agent payments	`conto_agent_xxx...`
API Key	Programmatic access	`conto_xxx...`

SDK Keys (Agent Authentication)

For AI agents making payments, use SDK keys:

curl -X POST https://conto.finance/api/sdk/payments/request \
  -H "Authorization: Bearer conto_agent_abc123..." \
  -H "Content-Type: application/json" \
  -d '{"amount": 100, "recipientAddress": "0x..."}'

Generate SDK Key

curl -X POST https://conto.finance/api/agents/{agentId}/sdk-keys \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -d '{"name": "Production Key", "expiresInDays": 90}'

SDK Key Scopes

Scope	Description
`payments:request`	Request payment authorization
`payments:execute`	Execute approved payments
`payments:status`	Check payment status

API Keys (Organization Authentication)

For full platform access, use organization API keys:

curl https://conto.finance/api/agents \
  -H "Authorization: Bearer conto_abc123..."

Create API Key

curl -X POST https://conto.finance/api/api-keys \
  -H "Authorization: Bearer $CONTO_API_KEY" \
  -d '{
    "name": "Production Integration",
    "scopePreset": "STANDARD",
    "expiresInDays": 90
  }'

Scope Presets

Preset	Description
`READ_ONLY`	Read access to all resources
`STANDARD`	Full read/write except team management
`ADMIN`	Full access including team management

Available Scopes

Scope	Description
`agents:read`	Read agent data
`agents:write`	Create/update agents
`wallets:read`	Read wallet data
`wallets:write`	Create/fund wallets
`transactions:read`	Read transactions
`transactions:write`	Create transactions
`policies:read`	Read policies
`policies:write`	Create/update policies
`counterparties:read`	Read counterparties
`counterparties:write`	Manage counterparties
`alerts:read`	Read alerts
`alerts:write`	Manage alerts
`analytics:read`	Read analytics
`audit:read`	Read audit logs
`team:read`	Read team members
`team:write`	Manage team members
`admin`	Full access

Error Responses

Status	Code	Description
401	`AUTH_FAILED`	Invalid or expired key
403	`INSUFFICIENT_SCOPE`	Key lacks required scope
429	`RATE_LIMITED`	Too many requests

{
  "error": "Authentication failed",
  "code": "AUTH_FAILED"
}

Rate Limits

Endpoint Type	Limit
SDK Payments	60/minute per agent
SDK Read	120/minute per agent
API Write	100/minute per user
API Read	100/minute per user

Rate limit headers:

X-RateLimit-Remaining: 45
X-RateLimit-Reset: 2024-01-15T10:01:00.000Z
Retry-After: 30

Best Practices

Use Environment Variables

Never hardcode API keys:

const apiKey = process.env.CONTO_API_KEY;

Rotate Keys Regularly

Set expiration dates and rotate keys periodically.

Use Minimal Scopes

Only request the scopes you need:

{
  "name": "Analytics Reader",
  "scopes": ["analytics:read", "transactions:read"]
}

API Reference

​API Authentication

​Authentication Methods

​SDK Keys (Agent Authentication)

​Generate SDK Key

​SDK Key Scopes

​API Keys (Organization Authentication)

​Create API Key

​Scope Presets

​Available Scopes

​Error Responses

​Rate Limits

​Best Practices